Teenage suspect in MGM Resorts hack arrested in Britain

Police in the United Kingdom have arrested a 17-year-old for his alleged role in the cybercriminal group that brought MGM Resorts casinos to a standstill last year in a ransomware attack. 

A press release from the West Midlands Police said the Regional Organised Crime Unit and the U.K.’s National Crime Agency made the arrest of the Walsall resident on Thursday, in coordination with the FBI. 

The arrest is “part of a global investigation into a large scale cyber hacking community which has targeted a number of major companies which includes MGM Resorts in America,” they said. 

Although police did not name the group the teenager was allegedly associated with, the attack on MGM Resorts was carried out by Scattered Spider — also known as Octo Tempest, 0ktapus or UNC3944. It cost the company approximately $100 million and shut down operations across much of the Las Vegas Strip. 

Bryan Vorndran, the assistant director of the FBI’s Cyber Division, said in the release: “The FBI, in coordination with its partners, will continue to relentlessly pursue malicious actors who target American companies, no matter where they may be located or how sophisticated their techniques are.”

MGM Resorts praised its own response to the incident, saying that its refusal to pay a ransom and decision to shut down all of its systems — as well as its coordination with law enforcement — had sent the message to criminals that “it’s not worth it.” 

Scattered Spider has targeted more than 100 organizations since 2022, according to Mandiant, and has recently been setting its sights on the financial sector. 

At least two others with alleged ties to the group have been arrested this year, including the suspected ringleader last month in Spain. 

In May, the FBI’s cyber deputy assistant director, Brett Leatherman, claimed law enforcement was closing in on the hackers. 

“We are working towards charging individuals where we can with criminal conduct, in this case, largely around the Computer Fraud and Abuse Act,” he told Reuters.

Microsoft said earlier this week that Scattered Spider — an offshoot of a broader group known as The Com — had recently expanded the types of ransomware that it deploys.